Author Topic: Cybercriminals Exploit News of Boston Marathon Bombing, Texas Fertilizer Plant E  (Read 874 times)


Pez

Cybercriminals Exploit News of Boston Marathon Bombing, Texas Fertilizer Plant Explosion

McAfee Labs Messaging Security recently observed a spam campaign based on the Boston Marathon bombing and the Texas fertilizer plant explosion. The messages take advantage of our interest in these tragic events to lure victims to malware and exploits. Last week my colleague Paras Gupta blogged about the use of the Blackhole exploit kit to disguise spam campaigns as top service brands. In that case, spammers served hidden iframes and redirections that exploited vulnerabilities across operating systems. This week, spammers are taking advantage of the tragedies with the help of the Red Kit exploit kit.

The following URLs are just a few of the malicious links we observed during our investigation. There could be many more patterns that we have not yet found.

• http://<some domain>/cnn_boston.html

• http://<some domain>/bostoncnn.html

• http://www.<some domain>/bbb_compl_genr.html

• http://<some zombie IP>/boston.html

• http://<some zombie IP>/news.html

• http://<some zombie IP>/texas.html
 
The campaign was likely made especially for the Boston Marathon bombings, but it was quickly altered to accommodate the Texas fertilizer plant explosion and follows the same pattern, as we can see from these subject lines.

• Explosions at the Boston Marathon

• Texas Plant Explosion

• Video of Explosion at the Boston Marathon 2013

• Aftermath to explosion at Boston Marathon


• Opinion: Boston Marathon Explosions – FBI Benefits? – CNN.com

• Opinion: North Korean Official’s child was the CIA target – Boston Marathon Explosions

• Opinion: FBI knew about bombs 3 days before Boston Marathon – Why and Who

• Opinion: Boston Marathon Explosions – Obama Benefits? – CNN.com
 
Most of the samples come with a simple subject line referring to a breaking-news update, with a fake hyperlink and a reference to the current incident. Spammers often take advantage of the latest events to make it tricky for antimalware companies to filter these messages or to recognize them as spam. Spammers target recipients with emails designed to pique their curiosity.

Boston Marathon fake email:



Texas plant fake email:



Fake CNN breaking news email:



People using McAfee Site Advisor will get an instant alert after clicking this type of bogus link.



Those who ignore this warning and choose to “Visit anyway” will reach a title page of a malicious website:

• Hot News::Videos of Explosions at the Boston Marathon 2013

• Hot News::Fertilizer Explosions

 
The page contains the following:

• An automatic download for a malicious executable file that could make changes to the Registry and install files to allow hackers to gain remote entry to the infected PC

• Four or five links to YouTube videos of explosions at the Boston Marathon or Texas fertilizer plant

• Hidden iframes and redirections that exploit vulnerabilities across operating systems
 

After visiting this malicious site, the user will be taken to a web page with four or five valid videos. But the last video has an embedded Red Kit iframe that downloads a payload file without the victim’s knowledge. A sample follows:



McAfee security products will give an alert immediately before a malicious file starts to download on the user’s PC.



As always, we advise users to follow best practices to avoid any targeted fraud/spam/phishing harassment.

• Do not open or click any links in emails from unknown persons

• Ignore unsolicited requests for sensitive personal information

• Regularly update your security software

• Don’t open any suspicious attachments in emails from unknown persons


Original article: Tuesday, April 23, 2013 at 11:52am by Kamalesh Singh
There are two easy ways to configure a system!
Everything open and everything closed.
Everything else is more or less complex.

Start Turfing ! http://scforum.info/index.php/topic,8405.msg21475.html#msg21475
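
As an added example (not part of the original article or this post), the following Python mail-triage filter checks a message against the subject lines and landing-page file names listed in the article. The function names, the rule for combining indicators, and the two sample messages (constructed, using reserved example addresses) are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

# Landing-page file names and subject keywords taken from the lists in the article.
LURE_PAGES = {"cnn_boston.html", "bostoncnn.html", "bbb_compl_genr.html",
              "boston.html", "news.html", "texas.html"}
SUBJECT_RE = re.compile(r"boston marathon|texas plant explosion", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def is_ip_host(host):
    """True when a link points at a bare IP address instead of a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def triage(raw_message):
    """Return the campaign indicators found in one RFC 822 message."""
    msg = message_from_string(raw_message)
    hits = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        hits.append("subject")
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk()
             if p.get_content_maintype() == "text"]
    body = b"\n".join(parts).decode("utf-8", "replace")
    for url in URL_RE.findall(body):
        try:
            link = urlsplit(url)
        except ValueError:  # malformed URL, nothing to compare
            continue
        page = link.path.rsplit("/", 1)[-1].lower()
        if page in LURE_PAGES:
            hits.append("lure-page:" + page)
            if is_ip_host(link.hostname or ""):
                hits.append("ip-host")
    return hits

def is_suspect(hits):
    """Assumed rule: a generic name such as news.html is not enough on its own."""
    has_page = any(h.startswith("lure-page:") for h in hits)
    return has_page and ("subject" in hits or "ip-host" in hits)

# Constructed sample messages (192.0.2.10 and example.org are reserved for documentation).
SPAM = ("From: news@example.com\nSubject: Video of Explosion at the Boston Marathon 2013\n\n"
        "Watch now: http://192.0.2.10/boston.html\n")
CLEAN = "From: a@example.org\nSubject: Team lunch\n\nMenu: http://example.org/news.html\n"
```

Because the campaign was retargeted from one news event to the next within days, a list like this is only useful for triaging mail already received and needs the same quick updates.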
